From 70c8d5e6153073babd59766720f440110702e263 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Thu, 15 Nov 2018 23:42:58 +0100
Subject: [PATCH] initial commit

---
 defaults/main.yml |  4 ++++
 tasks/main.yml    |  2 ++
 tasks/setup.yml   | 17 +++++++++++++++++
 3 files changed, 23 insertions(+)
 create mode 100644 defaults/main.yml
 create mode 100644 tasks/main.yml
 create mode 100644 tasks/setup.yml

diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..179b602
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+selinux_enabled: True
+selinux_policy: "targeted"
+selinux_state: "permissive"
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..6422299
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- import_tasks: setup.yml
diff --git a/tasks/setup.yml b/tasks/setup.yml
new file mode 100644
index 0000000..8f9b488
--- /dev/null
+++ b/tasks/setup.yml
@@ -0,0 +1,17 @@
+---
+- block:
+    - name: Set selinux policy
+      selinux:
+        policy: "{{ selinux_policy }}"
+        state: "{{ selinux_state }}"
+      register: __sestatus
+
+    - name: Add .autorelabel file (requires a reboot)
+      file:
+        path: /.autorelabel
+        state: touch
+      when:
+        - selinux_state == "enforcing"
+        - __sestatus.changed
+  become: True
+  become_user: root